KIA KO! Web Hackers Vs. The Auto Industry Round 2

ID: 1bb3f03b-7589-5d34-8311-35668f8ef4ba

STIX ID: report--1bb3f03b-7589-5d34-8311-35668f8ef4ba

Feed Name: Security Ledger

Threat Score: 75/100

Date Published: 2024-09-27

Date Updated: 2026-04-26

Author: Paul Roberts

Researchers disclosed a critical remote-access vulnerability in KIA dealer web applications (kiaconnect.kdealer.com and related APIs). The flaw allowed attackers to retrieve owner PII and perform remote vehicle actions (lock/unlock, start/stop engine, honk, locate) by leveraging dealer account registration and generated access tokens, or simply by using vehicle identifiers. The team reported the issue to KIA, observed delayed remediation, and highlighted the systemic risk of single points of failure in connected-vehicle ecosystems.